About:

Additional Software:

Logstash Configuration:

Elasticsearch Connection

To connect to Elasticsearch Logstashs elasticsearch_http output is used (this allows for greater flexibility regarding the compatible Elasticsearch versions). Hostname and port can be configured via the ELASTICSEARCH_PORT_9200_TCP_ADDR and ELASTICSEARCH_PORT_9200_TCP_PORT environment variables. They default to elasticsearch and 9200 respectively.

Logstash Inputs

The following inputs are enabled:

logstash-forwarder on port 5043 & certificates being available in a volume bellow /mnt/logstash-forwarder.